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ABSTRACT 

Public  key  management  in  mobile  ad  hoc  networks  (MANETs) 
has  been  studied  for  several  decades.  Yet  no  single  solution  has 
completely  resolved  well  known  design  challenges  resulting  from 
the  unique  characteristics  of  MANETs.  These  challenges  include 
no  centralized  trusted  entities,  resource  constraints,  and  high 
security  vulnerabilities.  This  work  proposes  a  fully  distributed 
trust-based  public  key  management  approach  for  MANETs  using 
a  soft  security  mechanism  based  on  the  concept  of  trust.  Instead  of 
using  hard  security  approaches,  as  in  traditional  security 
techniques,  to  eliminate  security  vulnerabilities,  our  work  aims  to 
maximize  performance  by  trading  off  risk  (i.e.,  security 
vulnerability)  for  trust.  In  this  work,  we  propose  a  composite 
trust-based  public  key  management  (CTPKM)  with  no  centralized 
trust  entity  with  the  goal  of  maximizing  performance  (e.g.,  service 
availability  or  efficiency)  while  mitigating  security  vulnerability. 
Each  node  employs  a  trust  threshold  to  determine  whether  or  not 
to  trust  another  node.  Each  node’s  decision  making  using  the 
given  trust  threshold  affects  performance  and  security  of  CTPKM. 
Our  simulation  experimental  results  show  that  there  exists  an 
optimal  trust  threshold  that  can  best  balance  and  meet  the 
conflicting  goals  between  performance  and  security,  exploiting 
the  inherent  tradeoff  between  trust  and  risk. 
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1.  INTRODUCTION 

In  resource-constrained  network  environments  such  as  mobile  ad 
hoc  networks  (MANETs),  it  is  not  feasible  or  efficient  to  employ 
cryptographic  techniques  for  key  management  due  to  high 
computation  and  communication  overhead  as  well  as  network 
dynamics  that  could  require  frequent  key  reassignments.  In 
addition,  the  unique  nature  of  MANETs  does  not  allow  any 
centralized  trusted  certificate  authority  (CA)  to  deal  with  all  key 
management  operations  including  key  generation,  distribution, 
update,  and  revocation.  Essentially,  we  are  not  able  to  build  a 
perfect  system  even  using  hard  security  approaches  (e.g., 
encryption  or  authentication  techniques)  to  meet  the  dual  goals  of 
efficiency  and  security  due  to  their  inherent  tradeoff.  In  this  work, 
we  take  a  soft  security  approach  by  applying  the  concept  of  trust 


in  order  to  meet  security  requirements  while  maximizing 
performance. 

Specifically,  we  propose  a  composite  trust  based  public  key 
management  (CTPKM)  for  MANETs.  The  proposed  protocol  is 
designed  to  meet  a  required  level  of  security  (e.g.,  exposed  risk) 
as  well  as  to  meet  performance  requirements  (e.g.,  service 
availability  or  communication  overhead),  without  relying  on 
trusted  third  parties  such  as  CAs.  The  proposed  protocol  aims  to 
be:  (1)  resilient  against  misbehaving  nodes  (i.e.,  untrustworthy 
nodes)  in  the  network  in  order  to  maintain  minimum  security 
vulnerability  (i.e.,  a  small  number  of  nodes  using  an  undetected 
compromised  key);  (2)  available  in  service  provision  in  the 
presence  of  threats  (i.e.,  a  sufficient  number  of  valid/correct 
public  keys  kept  in  each  node);  and  (3)  efficient  in  minimizing 
communication  overhead  incurred  by  the  proposed  key 
management  operations. 

The  main  contributions  of  this  work  are  as  follows.  Eirst, 
different  from  hard  security  that  strictly  adheres  to  credential- 
based  security  policies  regardless  of  network  dynamics  or  security 
requirements,  this  work  uses  a  soft  security  approach  based  on  the 
concept  of  trust  to  exploit  the  tradeoff  between  risk  (i.e.,  security 
vulnerability)  and  tmst  (i.e.,  performance).  We  use  the  definition 
of  trust  as  the  willingness  to  take  a  risk  to  achieve  a  given  task 
[16].  However,  at  the  same  time,  it  is  critical  to  minimize  risk  in 
order  to  achieve  the  task  successfully.  This  work  examines  a  way 
to  meet  an  acceptable  risk  (not  to  eliminate  risk  but  to  be  tolerable 
against  security  vulnerability  or  risk)  while  maximizing 
performance  including  high  service  availability  (i.e.,  more  valid 
public  keys)  and  low  communication  overhead.  Second,  we  use  a 
composite  tmst  metric  considering  various  aspects  of  tmst  in  an 
entity,  instead  of  considering  a  single  dimension  of  tmst;  this 
composite  nature  of  tmst  has  not  been  addressed  particularly  for 
MANET  environments  in  the  literature.  Third,  the  proposed 
public  key  management  scheme  is  a  fully  distributed  algorithm 
that  can  best  fit  a  MANET  environment  without  requiring  any 
centralized  tmsted  CA.  Lastly,  by  exploiting  the  inherent  tradeoff 
between  trust  and  risk,  we  identify  an  optimal  tmst  threshold  (for 
differentiating  tmstworthy  vs.  untmstworthy  in  our  protocol) 
under  which  the  key  management  service  availability  is 
maximized. 

The  rest  of  the  paper  is  organized  as  follows.  Section  2 
discusses  related  work.  Section  3  describes  the  system  model.  To 
be  specific,  we  discuss  the  tmst  model  in  Section  3.1,  the 
proposed  public  key  management  scheme  (CTPKM)  in  Section 
3.2,  the  attack  model  in  Section  3.3,  and  the  performance  metrics 
in  Section  3.4.  We  show  our  numerical  results  and  analysis  in 
Section  4.  We  conclude  our  paper  and  outline  future  work 
directions  in  Section  5. 


2.  RELATED  WORK 

In  the  literature,  public  key  management  for  MANETs  has 
been  explored  mainly  with  the  following  schemes:  certificate- 
based,  identity-based  (ID-based),  threshold  cryptography, 
certificate-less  cryptography,  and  hybrid  mechanisms  combining 
multiple  existing  methods. 

Certificate-based  public  key  management  approaches  require 
public  keys  to  be  distributed  where  the  receiving  party  should  be 
able  to  authenticate  the  received  key  based  on  the  certificate  of  the 
public  keys.  Thus,  a  trusted  CA  is  required  to  deal  with  key 
management  operations  including  key  generation,  distribution, 
revocation,  and  update  [8].  For  MANETs  without  trusted  CAs, 
certificate-based  approaches  should  operate  in  a  self-organized 
way.  Capkun  et  al.  [3]  proposed  a  certificate-based  public  key 
management  where  each  node  issues  pairs  of  its  own  public  and 
private  keys  and  the  certificate  of  the  public  key  with  a  limited 
validity  period  so  as  to  deal  with  network  partitions  in  MANETs. 
However,  finding  a  valid  certificate  chain  generates  high 
communication  overhead.  In  addition,  explicit  key  revocation 
requires  high  communication  overhead  while  implicit  key 
revocation  leads  to  security  vulnerability  until  the  private  key 
compromise  is  detected.  Chang  and  Kuo  [4]  proposed  a  two-step 
secure  authentication  protocol  for  multicast  MANETs.  In  order  to 
deal  with  key  management,  they  used  the  highest  trustworthy 
node  as  a  CA  and  the  second  highest  trustworthy  node  as  a  backup 
CA.  However,  different  from  our  work,  they  considered  trust  is 
already  in  place  and  static  over  time. 

Huang  and  Wu  [10]  proposed  a  certificate  path  discovery 
algorithm  for  MANETs  based  on  the  hierarchical  PKI  structure 
using  multiple  CAs  with  no  specific  trust  framework  given. 
Huang  and  Nicol  [11]  proved  that  the  shortest  certificate  chain 
does  not  guarantee  the  most  trustworthy  path  to  obtain  the  public 
key  of  a  target  node  due  to  different  trustworthiness  observed  in 
each  intermediate  node  on  the  certificate  chain.  Vinh  et  al.  [18] 
employed  a  group  header  for  public  key  management  in  a  group 
communication  system  where  the  group  header  is  selected  based 
on  trust. 

Shamir  [15]  proposed  the  concept  of  ID-based  public  key 
management  scheme  which  generates  a  public  key  based  on  the 
ID  of  the  node  (e.g.,  IP  or  email  address)  and  its  corresponding 
private  key  generated  by  a  trusted  CA.  The  weakness  of  the  ID- 
based  scheme  is  its  known  high  security  vulnerability  under  the 
compromise  of  the  trusted  CA.  Even  with  this  disadvantage,  the 
ID-based  public  key  management  is  popularly  applied  in  resource- 
restricted  network  environments  since  it  reduces  communication 
overhead  by  reducing  the  size  of  secret  information  (i.e.,  ID)  to 
generate  a  public  key. 

In  threshold  cryptography  [9],  the  private  CA  key  is 
distributed  over  a  set  of  server  nodes  through  a  (k,  n)  secret 
sharing  scheme.  The  private  CA  key  is  shared  between  n  nodes  in 
such  a  way  that  at  least  k  nodes  must  cooperate  in  order  to  reveal 
the  key.  However,  a  central  trusted  dealer  exists  to  select  servers 
as  the  coordinators  for  key  management,  resulting  in  a  single 
point  of  failure.  In  addition,  the  inherent  weakness  of  the  secret 
sharing  scheme  is  the  substantial  delay  when  the  set  of 
trustworthy  server  nodes  are  not  found  to  generate  the  private  CA 
key.  Besides,  when  the  CA  is  compromised,  the  system  is 
compromised.  Dahshan  and  Irvin  [8]  proposed  a  trust-based 
threshold  cryptography  scheme  for  MANETs  in  which  a  private 
key  can  be  generated  by  a  share  of  keys  obtained  from  a  set  of 
trustworthy  1-hop  neighbors.  However,  the  weaknesses  described 
above  cannot  be  solved  particularly  in  low  node  density  or  highly 


hostile  network  environments,  while  our  protocol  concerns 
resilience  against  node  attack  behaviors. 

To  cope  with  the  communication  overhead  incurred  in 
exchanging  certificates,  Sattam  et  al.  [13]  introduced  the  concept 
of  certificate-less  public  key  cryptography  (CL-PKG).  Compared 
to  traditional  public  key  cryptographic  systems,  CL-PKC  does  not 
require  the  use  of  certificates  to  ensure  the  authenticity  of  public 
keys.  A  trusted  third  party  (TTP)  having  a  private  master  key 
manages  the  authenticity  of  public  keys. 

Some  researchers  proposed  hybrid  public  key  management 
mechanisms  that  combine  the  features  of  multiple  existing 
schemes.  Sun  et  al.  [17]  combined  ID-based  key  management  and 
threshold  cryptography  to  propose  a  key  management  solution  for 
MANETs  without  any  trusted  CAs.  Secret  shares  are  distributed 
by  each  node  and  a  trusted  CA  is  not  needed  to  generate  a  master 
private  key.  However,  as  is  the  nature  of  threshold  cryptography, 
key  updates  require  high  communication  overhead  due  to  the 
communications  of  secret  shares  upon  every  key  update.  In 
addition,  it  is  not  clear  how  one  should  pick  a  set  of  nodes  for 
private  key  generation.  Li  et  al.  [12]  used  Sattam’s  certificate-less 
public  key  cryptography  to  eliminate  the  key  escrow  problem  and 
employed  threshold  cryptography  to  obviate  the  need  for  a 
centralized  third  party.  However,  this  work  still  assumes  that  there 
exist  multiple  trusted  Key  Generating  Centers  (KGCs)  for 
managing  shares  of  a  master  private  key.  Moreover,  the  selection 
of  KGCs  is  not  based  on  their  trustworthiness,  but  rather  they  are 
the  ones  with  the  smallest  ID.  Thus,  the  countermeasure  for  the 
compromise  of  KGCs  is  not  considered. 

3.  SYSTEM  MODEL 

We  consider  a  MANET  with  no  centralized  trusted  entities  (i.e., 
no  centralized  CA)  to  deal  with  public  key  management.  Nodes 
are  modeled  with  heterogeneous  characteristics  with  vastly 
different  speed  (vj),  monitoring  capability  (which  affects  the  false 
positive/negative  probability  of  detection  denoted  by  Pfp/Pfn), 
group  join/leave  rate  (Vp),  and  a  different  trust  level  in  integrity, 
competence,  or  social  contact.  For  trust  properties,  we  discuss 
them  in  detail  in  Section  3.1  below.  We  assume  that  a  node  moves 
around  based  on  random  mobility  over  the  operational  area  with 
its  given  speed.  A  node’s  private  key  may  also  be  compromised 
when  the  node  possessing  the  private  key  itself  is  not 
compromised.  We  assume  the  private  key  compromise  event 
arrives  exponentially  with  the  rate  ^comp-  A  node’s  trust  is 
evaluated  based  on  multiple  aspects  of  trust:  competence, 
integrity,  and  social  contact.  We  describe  each  trust  component  in 
Section  3.1. 

An  entity  (or  node)  is  assumed  to  be  a  device  carried  by  a 
human  (e.g.,  dismounted  soldiers  or  disaster  rescue  staff).  Each 
entity  is  able  to  communicate  with  other  entities  using 
public/private  key  pairs  obtained  through  the  proposed  CTPKM. 
A  node  will  use  a  certain  trust  threshold  to  interact  with  another 
node.  That  is,  given  a  trust  threshold  Tth>  a  node  will  assume  a 
certain  amount  of  risk  and  communicate  with  another  node  whose 
trust  level  is  equal  to  or  above  Tti,.  We  investigate  the  impact  of 
trust  threshold  on  performance  metrics.  Our  proposed  protocol 
satisfies  the  requirements  of  self-organized  and  distributed  key 
management  for  MANETs  as  discussed  in  [7]: 

•  No  single  point  of  failure,  i.e.,  no  trusted  third  party  is  required; 

•  Resilience  with  low-security  vulnerability  in  the  presence  of 
hostile  entities,  i.e.,  little  exposure  of  a  compromised  key; 

•  High  service  availability,  i.e.,  a  sufficient  number  of  valid 
public  keys  kept  in  each  node;  and 


•  Scalability  in  terms  of  low  communication  overhead  for 
obtaining  a  valid  public  key. 

3.1  Trust  Model 

We  consider  three  trust  components:  competence,  integrity,  and 
social  contact.  We  capture  the  competence  and  integrity 
characteristics  from  communication  networks  while  deriving 
social  contact  characteristic  from  social  networks.  The  three  trust 
components  are: 

•  Competence  (C):  This  refers  to  an  entity’s  capability  to  serve 
received  requests  in  terms  of  a  node’s  cooperativeness  and 
availability.  Availability  may  be  affected  by  network  conditions 
such  as  link  failure,  energy  depletion,  and  voluntary  or 
involuntary  disconnection  (i.e.,  leaving  the  network).  This  is 
measured  by  the  ratio  of  the  number  of  positive  experiences  to 
the  total  experiences  in  packet  forwarding. 

•  Integrity  (I):  This  is  the  honesty  of  an  entity  in  terms  of 
network  attack  behaviors  such  as  fake  identity  dissemination 
(e.g.,  compromise  another  node’s  private  key  by  identity  or 
Sybil  attack),  false  recommendation,  message  modification  or 
forgery.  This  is  computed  as  the  number  of  positive  experiences 
over  the  total  experiences  related  to  compliance  of  a  protocol. 

•  Social  Contact  (SC):  This  is  defined  as  the  number  of  nodes 
that  a  node  encounters  during  a  trust  update  interval  T^pjate  over 
the  total  number  of  nodes  in  the  network.  If  an  entity  has  high 
SC,  it  is  more  likely  to  disseminate  information  quickly  to  the 
network,  compared  to  the  ones  with  low  SC.  An  entity’s 
mobility  pattern  may  affect  trust  in  this  component. 

We  assume  that  a  node’s  trust  profile  is  available,  describing  its 
inherent  behavior  patterns  that  can  be  scaled  in  [0,  1].  In  our 
experiment  setting,  we  generate  the  trust  profile  based  on  uniform 
distribution  with  the  range  in  [GB,  1]  where  GB  is  the  lower 
bound  of  good  behavior.  In  this  work,  trust  is  being  used  for 
decision  making,  including  obtaining  a  certificate  of  a  public  key, 
distributing  a  public  key,  requesting  a  public  key  of  a  target  node, 
and  providing  a  public  key  requested.  The  reasons  we  pick  the 
above  three  trust  components  are  (1)  with  competence  trust,  we 
assure  fast  propagation  of  public  keys;  (2)  with  integrity  trust,  we 
increase  the  probability  that  public  keys  propagated  are 
valid/correct;  and  (3)  with  social  contact  trust,  we  increase  the 
probability  of  finding  a  valid  public  key  from  nodes  having  many 
social  contacts. 

In  this  work,  we  build  CTPKM  on  top  of  a  trust  model 
developed  in  [6]  in  which  we  examined  the  optimal  trust  chain 
length  (TC)  that  maximizes  trust  accuracy  (or  minimizes  trust 
bias)  based  on  the  difference  (absolute  value)  between  actual  trust 
values  (ground  truth)  and  estimated  trust  values.  Here  we  describe 
the  key  part  of  the  trust  model  in  [6].  Trust  value  is  scaled 
between  0  and  1  as  a  real  number.  Trust  of  each  trust  component 
X  is  computed  based  on  the  aggregation  of  both  direct  and 
indirect  evidences.  Trust  of  node  j  (trustee:  trusted  party) 
evaluated  by  node  i  (trustor:  trusting  party)  in  trust  component  X 
is: 

if(|Rj|  >  0  &&HD(i,k)  <  TC) 

1)^(1)  =  aTfl-^'Ct)  +  (1  -  a)Ti‘f-='(t)  (1) 

else  Ti^(t)  =  yTijCt  -  At) 

Ti*j“^(t)  is  direct  trust  based  on  direct  observations  and  Tj'°  ^(t) 
is  indirect  trust  based  on  recommendations  from  1-hop  neighbors 


of  node  j.  Rj  is  the  set  of  recommendations  correctly  received 
from  node  j’s  1-hop  neighbors.  The  availability  of 
recommendations  ( |  Rj  |  >  0 )  is  affected  by  the  receipt  of  the 
correct  recommendations  that  are  affected  by  packet  dropping 
behaviors  and  integrity  (e.g.,  dishonest  behaviors)  of  a  node. 
HD(i,  k)  is  the  number  of  hop  distance  between  nodes  i  and  k 
where  node  i  is  a  trustor  (requestor)  and  node  k  is  a  recommender 
of  node  j  (1-hop  neighbor  of  node  j).  In  order  for  the  new  indirect 
evidence  to  be  used  for  trust  update,  recommender  node  k  for 
node  j  should  exist  within  the  TC  number  of  hops  from  node  i  and 
the  correct  recommendation  should  arrive  safely  in  node  i.  We 
will  use  the  optimal  TC  identified  in  this  work,  but  do  not 
investigate  this  in  detail  because  this  is  already  examined  in  [6]. 
The  correctness  of  the  recommendations  is  ensured  by  referring  to 
direct  opinions  of  referral  recommenders  (forwarding  the  original 
recommendation)  attached  to  the  original  message  with  any 
detection  error  of  the  intermediate  nodes  forwarding  the 
recommendation  [6].  a  and  (1-  a)  are  the  weights  for  direct  and 
indirect  evidences  respectively  where  a  is  between  0  and  1.  We 
observe  that  when  the  weight  (a)  for  direct  evidence  is  low,  high 
trust  accuracy  is  observed,  or  vice-versa.  This  is  because  only 
correct  recommendations  based  on  unanimous  agreement  by  all 
intermediate  nodes  that  pass  the  recommendation  are  used  as 
indirect  evidence  while  new  direct  evidence  cannot  be  collected 
easily  due  to  node  mobility.  When  no  correct  recommendations 
are  received  from  recommender  k  located  within  TC  hops  from 
node  i,  trust  decays  with  a  decay  factor  y  over  At,  the  periodic 
trust  update  interval  T^pdate. 

The  direct  trust  of  node  i  in  node  j  on  trust  component  X  at 
time  t,  Tj'j“^(t),  is  computed  as: 


-pD-X 

‘i.j 


(t) 


•  Tfl-^'Ct)  if  HD(i,i)  ==  1 
yTjjCt  —  At)  otherwise 


(2) 


HD(i,  j)  is  the  number  of  hop  distances  between  nodes  i  and  j. 
Thus,  when  nodes  i  and  j  are  encountered  as  1-hop  neighbors 
during  the  time  period  (t  —  At)  ,  node  i  can  collect  direct 
evidences  based  on  its  own  observations  or  experiences.  When 
nodes  i  and  j  are  distant  with  more  than  1  hop  distances,  node  i 
relies  on  its  past  experience  to  assess  the  direct  trust  of  node  j. 

The  indirect  trust  of  node  j  evaluated  by  node  i  on  trust 
component  X  at  time  t,  T/P“^(t),  is  obtained  by: 


Ti‘P-^(t) 


■Tk^t)  if  |Rj|>0 
yTyCt  —  At)  otherwise 


(3) 


When  node  i  receives  correct  recommendations  with  |Rj|  >  0, 
node  i  fully  employs  them  to  assess  the  indirect  trust.  If  Rj  is  an 
empty  set,  node  i  will  use  its  past  experience  Tjj(t  —  At)  due  to  no 
correct  recommendations  received.  For  more  details  on  the  trust 
metric,  refer  to  [6]. 

3.2  Composite  Trust-based  Public  Key 
Management  (CTPKM) 

This  work  addresses  the  communications  required  to  exchange 
confidential  information  between  two  nodes  using  public/private 
key  pairs.  Now  we  discuss  the  core  operations  of  CTPKM. 

3.2.1  Key  Generation 

For  a  self-organized  public  key  management,  each  node  generates 
its  own  public/private  key  pairs  periodically.  A  node  uses  its 
private  key  to  decrypt  received  messages  while  other  nodes  use 


the  public  key  to  send  messages  to  the  node.  A  node  updates  its 
public/private  key  pair  when  the  expiration  time  is  reached  or  the 
key  pair  should  be  updated  due  to  the  compromise  of  a  current 
private  key.  Before  distributing  a  key  pair,  a  node  should  be  able 
to  obtain  the  certificate  of  the  public  key  from  a  trustworthy  node. 
The  expiration  time  of  a  new  key  pair  is  randomly  picked  by  each 
node  based  on  exponential  distribution  with  mean  x.  We  discuss 
these  in  the  following  sections. 

3.2.2  Public  Key  Certificate  Issuance 

Each  node  asks  a  1-hop  neighbor  who  has  a  trust  value  equal  to  or 
greater  than  the  given  trust  threshold  (Tth)  for  integrity  trust  (i.e., 
Tmi  i(t)  S  T(i,),  to  be  an  issuer  of  the  certificate  of  the  public  key; 
we  call  this  node  a  neighborhood  trustworthy  certifier  (NTC).  The 
NTC  should  also  decide  whether  to  issue  the  certificate  based  on 
the  trustworthiness  of  the  requestor  in  integrity  trust  using  T,!,. 
That  is,  there  should  be  a  mutual  trust  relationship  between  a 
certificate  requestor  and  an  issuer  in  integrity  trust.  A  node 
receiving  a  public  key  of  another  node  will  assess  the  authenticity 
of  the  received  public  key  based  on  integrity  trust  of  the  NTC 
based  on  T,i,.  The  requesting  node  is  not  able  to  obtain  the 
certificate  of  its  public  key  if  its  integrity  trust  level  is  below  Tth. 
Recall  that  trust  values  are  dynamically  changing  over  time.  The 
trust  threshold  T.h  affects  the  decision  making  of  a  requesting 
node  on  whom  to  select  as  its  NTC.  If  a  low  Tth  is  used,  even  a 
relatively  untrustworthy  node  can  issue  and  certify  the  public  key 
to  others.  As  a  result,  an  attacker  can  disseminate  many 
invalid/incorrect  public  keys  so  as  to  generate  unnecessary 
communication,  resulting  in  a  waste  of  network  resources. 

3.2.3  Public  Key  Distribution 

After  a  node  obtains  its  public  key  certificate,  the  node 
disseminates  the  public  key  with  the  certificate  to  a  set  of  its  1- 
hop  neighbors  whose  trust  values  are  equal  to  or  greater  than  Tth 
for  all  three  trust  components.  That  is,  a  trustworthy  1-hop 
neighbor  k  of  node  i  should  meet  the  following  conditions: 

Ti'k(t)  >  Tth,T‘k(t)  >  Tth,TSC(t)  >  Tth  (4) 

where  T^hCt)’  Ti’k(t)>  T^k  (t)  are  the  subjective  trust  of  node  k 
evaluated  by  node  i  for  competence,  integrity,  and  social  contact 
trust,  respectively. 

Each  node  i  periodically  disseminates  its  public  key  to  the  set 
of  1-hop  neighbors  (k’s)  where  the  members  of  the  set  may 
change  as  their  trust  values  change  over  time.  Since  the  nodes  are 
mobile,  if  a  node  has  a  high  mobility  rate,  it  may  have  more 
chances  to  obtain  public  keys  of  other  nodes,  and  vice-versa. 
Selecting  the  right  set  of  neighboring  nodes  is  critical  in  revealing 
less  security  vulnerability  while  obtaining  valid/correct  public 
keys.  When  a  public  key  is  distributed  to  an  untrustworthy  node, 
the  untrustworthy  node  may  not  provide  other  nodes’  correct 
public  keys.  It  may  even  provide  incorrect  public  keys  of  others, 
increasing  communication  overhead  by  disseminating  incorrect 
public  keys  and  leading  to  high  security  vulnerability  where  the 
untrustworthy  node  may  leak  confidential  information  to  an 
attacker  who  has  obtained  the  private  key  of  the  owner  of  the 
public  key. 

When  node  i  disseminates  its  public  key  and  the  certificate  to 
the  set  of  1-hop  neighbors  based  on  Equation  4  (called 
‘trustworthy  1-hop  neighbors’  hereafter),  the  packet  consists  of 
the  following  items: 


(cr®) 

\  ‘^i, public/ 

private 


>  public 


(5) 


is  the  certificate  of  node  i’s  public  key  signed  by  the 

NTC’s  digital  signature  including  the  information  on  the  owner 
ID  (node  i),  the  NTC’s  ID,  and  expiration  time  for  the  valid  period 
of  the  public  key.  Note  the  notation  NTC  (i)  means  a  NTC  who 
issues  the  certificate  of  node  i’s  public  key.  Ki  p^vate  is  node  i’s 
private  key,  and  Ki  pat,];,;  is  node  i’s  public  key.  The  certificate  is 
encrypted  by  the  private  key  of  node  i  (Ki  pj-ivate)-  Ths  receiving 
node  will  be  able  to  decrypt  the  message  with  the  provided  public 
key,  Kj  paijiii-.  Otherwise,  the  message  will  be  discarded.  If  the 
receiving  node  can  decrypt  the  message,  it  will  check  the 
trustworthiness  of  the  NTC  in  integrity  trust  with  Tth  to  ensure  the 
authenticity  of  Kipattij,;.  If  the  NTC  is  compromised,  a  fake 
public/private  key  pair  to  perform  a  fake  identity  or  Sybil  attack 
(with  fake  ID)  may  be  generated.  Integrity  trust  check  for  NTC 
minimizes  the  chance  of  this  attack.  Each  node  distributes  its 
public  key  with  the  certificate  to  the  selected  set  of  trustworthy  1  - 
hop  neighbors  based  on  Equation  4  periodically. 

Some  nodes  may  not  have  the  public  key  of  a  particular  node  it 
wants  to  communicate  with  because  it  has  not  encountered  the 
node  as  a  1-hop  neighbor.  In  this  case,  a  node  can  request  the 
target  node’s  public  key  to  its  trustworthy  1-hop  neighbors  based 
on  Equation  4.  If  any  of  the  trustworthy  1-hop  neighbors  (m,)  has 
the  public  key  of  the  target  node,  then  it  will  provide  the  public 
key  to  node  i.  Node  mi  decides  whether  or  not  to  provide  the 
public  key  of  the  target  node  based  on  the  trust  assessment  of 
node  i  (requestor)  in  integrity  trust  (i.e.,  T^j^  j(t)  >  Ttj,).  If  node 
mi  decides  to  provide  the  public  key  of  the  target  node,  the 
returning  message  includes  the  following  items: 


„NTC(TN)  „  „ 

.^Ktn.puWIc’  *^TN, public.  IDnii 


(6) 


Node  mi  encloses  the  public  key  of  the  target  node  (TN) 
(Ktn, public),  the  TN’s  public  key  certificate  encrypted  with  the 
public  key  of  node  i  (Kj  pubii,-),  and  its  ID  (ID„|).  All  of  this 
information  is  encrypted  with  Kipubni..  When  the  requestor 
receives  this  message,  it  will  save  the  public  key  of  TN  based  on 
integrity  trust  of  the  provider  ml.  Notice  that  this  returning 
message  is  encrypted  by  the  requestor  (node  i)’s  public  key  so 
only  the  requestor  can  decrypt  this  message. 

If  any  of  the  trustworthy  1-hop  neighbors  (mi)  does  not  have 
the  public  key  of  TN,  it  will  forward  the  request  message  to  the 
set  of  its  trustworthy  1-hop  neighbors  that  meet  the  conditions  in 
Equation  4.  The  delegated  request  message  includes: 


cNTC(i)  ^ 
public’ 


1, public 


t^ml, public 


(7) 


®  defined  in  Equation  5.  ID^n  is  the  ID  of  the  TN,  and 
Kmi, public  is  the  public  key  of  node  ml  who  is  a  trustworthy  1- 
hop  neighbor  of  the  delegating  node.  The  node  receiving  the 
delegated  request  message  from  mi  decrypts  the  message  with  its 
private  key,  checks  if  it  has  the  public  key  of  the  TN,  and  checks 
if  the  requestor  passes  the  integrity  test  (i.e.,  T^i^j(t)  >  Tu,).  If 
yes,  then  it  sends  the  public  key  of  TN  to  the  original  requestor 
(node  i)  by  a  returning  message  following  the  format  specified  in 
Equation  6. 


If  an  intermediate  node  forwarding  the  request  message  is 
uncooperative  or  compromised,  the  request  message  can  be 
dropped,  therefore  many  nodes  may  not  have  valid  public  keys.  A 
less  trustworthy  1-hop  neighbor  may  even  provide  more  incorrect 
public  keys.  Therefore,  the  trust  threshold  (Tth)  affects  how  many 
valid/correct  public  keys  a  node  can  use.  We  aim  to  identify  an 
optimal  T,i,  that  generates  a  sufficient  number  of  valid  public  keys 
that  a  node  keeps  while  reducing  communication  overhead  (not 
forwarding  the  public  key  requests  to  untrustworthy  nodes)  and 
security  vulnerability  (reducing  the  use  of  a  public  key  whose 
private  key  is  compromised).  In  CTPKM,  when  a  trustworthy 
intermediate  node  that  meets  the  conditions  in  Equation  4  has  a 
valid  public  key  of  the  target  node,  it  can  provide  the  public  key 
of  the  target  node  to  the  requestor.  This  reduces  communication 
overhead  significantly  in  key  distribution. 

3.2.4  Key  Revocation  and  Update 

The  private/public  keys  of  a  node  will  be  revoked  after  the  valid 
period  expires.  Since  the  certificate  includes  the  information  on 
expiration  time,  key  revocation  due  to  the  passed  valid  period  will 
be  implicitly  known  to  other  nodes  in  the  network.  Before  the 
valid  period  is  past,  a  node’s  1-hop  neighbors  can  serve  as 
verifiers  and  apply  majority  voting  to  detect  if  the  node’s  private 
key  is  compromised.  If  the  private  key  is  deemed  compromised 
(when  the  majority  of  the  neighbors  vote  against  it),  the  node, 
being  as  the  owner  of  the  private  key,  must  notify  the  key 
compromise  event  to  all  nodes  in  the  network.  If  the  owner  of  the 
key  itself  is  compromised  and  does  not  disseminate  the  key 
compromise  message,  its  neighbors  will  decrease  the  trust  value 
of  the  node  to  hinder  the  node  from  reissuing  a  new  public/private 
key  pair.  In  CTPKM,  if  a  node  does  not  maintain  a  certain  level  of 
trust,  it  cannot  obtain  the  certificate  of  its  public  key.  Therefore, 
there  is  a  very  low  chance  for  an  untrustworthy  node  to  issue  its 
public  key  with  a  valid  certificate. 

If  an  attacker  compromises  the  private  key  of  a  node,  this  may 
introduce  security  vulnerability  that  other  nodes  may  send 
confidential  information  using  the  public  key  to  the  owner  of  the 
compromised  private  key  before  the  compromised  private  key  is 
detected.  A  compromised  private  key  can  be  detected  when  1  -hop 
neighbors  of  the  attacker  detect  fake  identity  attacks  and  receive 
the  public  key  of  another  node  from  the  attacker.  When  the 
compromised  private  key  is  detected  and  this  event  is 
disseminated  to  all  nodes  in  the  network,  the  owner  of  the  key 
must  issue  a  new  pair  of  public/private  keys.  In  this  work,  we  only 
consider  the  case  that  a  node’s  private  key  is  compromised  by  an 
attacker.  When  a  node  itself  is  compromised,  CTPKM  hinders  its 
normal  communication  with  other  nodes  by  means  of  the 
compromised  node’s  low  trust  value  assessed  by  other  nodes. 

3.3  Attack  Model 

We  consider  the  following  attacks  in  MANETs:  (1)  packet 
dropping  which  interrupts  service  availability;  (2)  message 
modification/forgery  which  hinders  effective  communication;  (3) 
fake  identity  (or  impersonation  attack)  which  breaks  information 
confidentiality  between  two  nodes;  (4)  false  recommendation 
which  promotes  inaccurate  trust  evaluation;  and  (5)  compromise 
of  private  key  which  allows  an  attacker  to  decrypt  confidential 
information  sent  by  other  nodes  using  the  associated  public  key. 
The  compromise  of  private  key  can  happen  when  a  node 
impersonates  another  node  to  intercept  all  information  forwarded 
to  the  original  owner  of  the  private  key.  We  assume  that 
impersonation  attack  can  be  detected  by  using  mechanisms  such 
as  radio  frequency  fingerprinting  or  user  mobility  profiling  [1]. 


We  assume  that  each  node  is  preinstalled  with  a  detection 
mechanism  to  monitor  misbehaviors  of  each  node  with  known 
detection  error  probabilities  (i.e.  false  positives  or  negatives).  This 
will  affect  the  accuracy  of  direct  evidence  for  integrity  trust  (cases 
2-5  above)  and  competence  trust  (case  1  above). 

3.4  Metrics 

We  use  the  following  metrics  to  assess  performance  of  CTPKM: 

•  Information  Risk  (  ):  This  indicates  the  number  of 

attempts  that  untrustworthy  nodes  (due  to  low  integrity  or 
detection  error)  disseminate  a  message  using  compromised 
key(s)  that  have  not  been  revoked/updated  during  a  group 
communication  interval  (Tqc),  representing  the  risk  introduced 
by  compromised  keys  (CK).  This  is  computed  by: 


jrisk  _  I 
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where  Ai  j(t)  =  1  if  node  i  has  the  correct  public  key  of  node  j; 
0  otherwise.  I  is  the  set  of  nodes  that  are  considered  trustworthy 
in  integrity  trust.  C  is  the  set  of  legitimate  members  whose 
private  keys  are  compromised.  M  is  the  set  of  legitimate 
members  in  the  network.  We  assume  that  if  a  node’s  private  key 
is  detected  as  compromised,  it  will  not  use  the  associated  public 
key  for  group  communication. 

•  Number  of  Correct  Public  Keys  (Ncpk):  This  refers  to  the 
average  number  of  correct  public  keys  of  other  nodes  kept  in 
each  node,  computed  by: 

liGM  ^i.j  (f) 

m\ 

0 


•  Correct  Public  Key  Ratio  (Pcpkr)-  This  refers  to  the  fraction 
of  correct  public  keys  over  the  total  number  of  public  keys  kept 
in  each  node,  obtained  by: 


Pcpkr  — 
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where  PKi  j(t)  =  1  if  node  i  has  a  public  key  of  node  j  at  time  t; 
0  otherwise.  Here  we  note  that  PKij(t)  covers  the  possibility  of 
an  incorrect  public  key  of  node  J  since  an  untrustworthy  node 
may  disseminate  an  invalid/incorrect  public  key. 

•  Service  Availability  Ratio  (Psa)'  This  refers  to  the  ratio  of  the 
average  time  period  that  a  node’s  valid/correct  public  key  is 
kept  by  other  nodes  over  the  entire  session  time,  calculated  by: 


Psa  = 
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This  metric  implies  how  much  time  each  node  keeps  another 
node’s  correct  public  key  which  has  not  expired  during  the  entire 
session  time. 

•  Communication  Overhead  (Ct„tai):  This  is  the  number  of  hop 
messages  per  time  unit  (second)  caused  by  the  proposed 
protocol,  computed  by: 


“■total 
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CkmCO  —  CkiCO  +  CkdCO  +  CkrCi) 

Ci-E(t)  is  the  numher  of  hop  messages  caused  hy  trust  evaluation 
and  CkmCi)  is  the  number  of  hop  messages  caused  by  key 
management.  CkmCO  consists  of  three  cost  components:  key 
issuance  (CKi(t)),  key  distribution  (C^DCt));  and  key  revocation 
(CKR(t)).  Note  that  for  Ci-eCi).  each  node  will  periodically  (in 
every  T^pdate)  disseminate  the  trust  values  of  its  1-hop  neighbors  to 
nodes  located  within  the  trust  chain  length  (TC). 

4.  NUMERICAL  ANALYSIS  AND 
RESULTS 


In  Fig.  1,  we  show  the  trust  bias  observed  with  TC  =  4  and  (a,  y)  = 
(0.1,  0.95)  where  a  is  a  weight  for  direct  evidence  ((1-  a)  is  a 
weight  for  indirect  evidence)  and  y  is  a  decay  factor  used  in 
Equation  1.  We  observe  that  a  =  0.1,  y  =  0.95  and  TC  =  4  are 
identified  as  optimal  settings  under  which  the  trust  bias  is 
minimized  at  0.2%  as  shown  in  Fig.  1.  Note  that  each  trust  bias 
per  time  point  in  Fig.  1  is  the  mean  of  25  observations.  Accurate 
trust  assessment  is  critical  for  a  node  to  make  effective  decisions 
on  whether  to  trust  another  node  or  not  in  order  to  reduce  loss  of 
opportunities  due  to  underestimation  or  mitigate  security 
vulnerability  introduced  by  overestimation. 

For  Fig.  2  -  Fig.  6,  we  show  the  results  with  standard 
deviations  based  on  100  simulation  runs.  We  setup  the  attack 
intensity  such  that  each  node’s  private  key  can  be  compromised 
once  per  3  hours  (l/Apo^jp)  in  this  case  study.  We  allow  a  30  min. 
warm-up  period  (T„aj.n,up )  for  peer-to-peer  trust  evaluation  to 
reach  a  sufficiently  accurate  level.  We  use  a  5  min.  trust  update 
interval  (Tup^ate)- 


This  section  shows  numerical  results  obtained  from  simulation. 
Our  simulation  is  conducted  using  SMPL  [13]  in  C,  an  event 
driven  simulator.  Table  1  gives  the  set  of  parameters  and  their 
values  for  defining  the  simulation  environment.  We  use  the 
optimal  trust  chain  length  (i.e.,  TC=4)  identified  in  [6]  for 
maximizing  trust  accuracy  (or  minimizing  trust  bias)  for  this 
environment  with  approximately  0.07%  of  trust  bias  over  7000 
observations.  Initial  values  of  each  trust  property  are  seeded  with 
a  random  variable  selected  from  the  range  in  [GB,  1]  based  on 
uniform  distribution  where  GB  is  the  lower  bound.  The  trust 
values  are  also  affected  by  network  conditions  and  link 
unreliability  in  competence  and  the  number  of  encountered 
entities  in  social  contact.  The  initial  estimated  trust  value  at  time 
t=0  is  set  to  0.5,  implying  ignorance.  We  report  the  impact  of 
various  trust  thresholds  on  the  performance  metrics  defined  in 
Section  3.4  with  varying  network  hostility. 


Table  1:  System  parameters  and  default  values 


Parameter 

Value 

Parameter 

Value 

GB 

p 

1 

o 

a,  y 

0.1,0.95 

T,h 

0,  0.5 -0.9 

TC 

4 

T 

*  warmup 

30  min 

"^update 

5  min 

FT 

24  hrs 

Tgc 

5  min 

1/^comp 

3  hrs 

R 

150  m 

N 

100 

l/k,  1/p 

1  hr,  4  hrs 

Vi 

(0,  10]  m/s 

Pfn,  Pfp 

(0,  0.05] 

Fig.  1.  Trust  bias  with  (a,  y)  =  (0.1,  0.95)  and  TC  =  4. 
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Fig.  2.  Information  Risk  (N"k'‘)  vs.  trust  thresholds  (T,,,) 
under  various  initial  trust  levels  (GB). 

Recall  that  a  node  uses  T,!,  to  filter  out  trustworthy  nodes  to  make 
decisions  in  key  management.  Using  a  lower  T,i,  means  that  more 
nodes  share  confidential  information  while  using  a  higher  T,i, 
implies  fewer  nodes  know  it.  Fig.  2  shows  the  impact  of  the  trust 
threshold  (T,i,)  on  information  risk  (Ner*')  as  the  initial  trust  level 
(GB  as  the  lower  bound  of  the  seeds)  varies.  The  case  with  zero 
trust  threshold  used  (i.e.,  Uh  =0)  is  a  baseline  model  where  no 
trust  is  being  used  in  decision  making.  Overall,  we  observe  that 
using  a  higher  Tn,  mitigates  information  risk  more  because  fewer 
nodes  know  the  public  key  of  a  compromised  private  key.  On  the 
other  hand,  using  a  lower  T,i,  increases  the  chance  that  many 
nodes  share  the  public  key  of  the  compromised  private  key, 
resulting  in  a  higher  information  risk.  Particularly,  when  there  are 
more  trustworthy  nodes  (i.e.,  GB  =  0.9),  relatively  more  nodes 
know  the  public  key  even  using  a  high  T,i,  because  more  nodes 
exist  with  the  trust  values  equal  to  or  above  Tth.  Note  that  the 
standard  deviation  error  bar  is  long  especially  when  the  trust 
threshold  is  low  and  GB  is  low  because  nodes  with  a  wide  range 
of  trustworthiness  can  participate  in  key  distribution. 

Fig.  3  explains  how  T,i,  affects  the  average  number  of  correct 
public  keys  kept  by  each  node  as  GB  varies.  Intuitively,  when 
there  are  more  trustworthy  nodes  in  the  network  (e.g.,  GB  =  0.8  or 
0.9),  each  node  has  more  chances  to  obtain  correct  public  keys  of 
others  because  more  nodes  are  qualified  for  the  given  T,h  and 
fewer  nodes  drop  the  public  key  request  message  or  provide 
incorrect  public  keys.  In  addition,  using  a  lower  Tth  helps  a  node 


obtain  more  correct  public  keys  due  to  the  use  of  a  more  relaxed 
trust  threshold,  while  using  a  higher  T,h  provides  less  chances  for 
a  node  to  obtain  correct  public  keys  as  fewer  nodes  can  access 
public  keys. 
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Trust  threshold  (T,,,) 

Fig.  3.  Number  of  correct  public  keys  (Ncpk)  vs.  trust 
thresholds  (Tth)  under  various  initial  trust  levels  (GB). 
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Fig.  4.  Correct  public  key  ratio  (Pcpkr)  vs.  trust  thresholds 
(Tth)  under  various  initial  trust  levels  (GB). 

Fig.  4  shows  the  effect  of  T,i,  on  the  correct  public  key  ratio 
(Pcpkr)  GB  varies.  Recall  that  Pcpkr  is  defined  as  the  ratio  of 
the  average  number  of  correct  public  keys  to  the  total  number  of 
public  keys  (regardless  of  correctness)  kept  in  each  node.  As 
shown  in  Fig.  4,  the  correctness  of  the  public  keys  obtained 
increases  under  a  higher  T,h.  This  implies  that  when  a  higher  T,h  is 
used,  there  is  a  smaller  chance  for  a  public  key  to  be  modified. 
That  is,  as  long  as  the  public  key  of  a  node  is  safely  delivered  to 
the  requestor,  it  is  more  likely  to  be  authentic  because  both  the 
provider  of  the  public  key  and  the  intermediate  nodes  forwarding 
the  public  key  are  trustworthy  using  a  higher  T,|,.  Notice  that  when 
there  are  more  trustworthy  nodes  (i.e.,  GB  =  0.8  or  0.9),  Pcpkr  is 
almost  insensitive  to  T,|,  because  most  nodes  behave  well 
regardless  of  the  level  of  Td,  used. 

Fig.  5  addresses  how  T,|,  impacts  service  availability  ratio 
(Psa)  as  GB  varies.  Recall  that  Psa  indicates  the  average  time  that 
a  node  has  a  valid  (not  expired)  and  correct  public  key  of  other 
nodes  over  the  entire  session  time.  A  node’s  public/private  key 
pair  is  updated  periodically  so  other  nodes  may  keep  an  obsolete 
copy  of  the  public  key.  In  addition,  a  node  may  have  an  incorrect 
public  key  of  another  node  because  untrustworthy  nodes  may 
have  modified  the  public  key  and  provided  it  to  the  requesting 


node.  We  observe  from  Fig.  5  that  except  the  case  in  which  most 
nodes  are  trustworthy  (i.e.,  GB  =  0.9),  there  exists  an  optimal  T,i, 
that  maximizes  Psa-  The  reason  is  that  when  a  lower  Tn,  is  used, 
public  keys  are  more  likely  to  be  modified  or  dropped  because 
untrustworthy  nodes  have  chances  to  forward  or  provide  public 
keys  upon  request/distribution.  On  the  other  hand,  when  a  higher 
T,|,  is  used,  the  standard  for  forwarding/providing  a  public  key  is 
stricter  and  fewer  nodes  are  qualified  for  providing  the  public  key. 
Essentially  the  optimal  T,i,  maximizing  Psa  exists  due  to  the 
inherent  tradeoff  between  trust  and  risk.  That  is,  using  a  high  T,h 
is  regarded  as  applying  low  trust  towards  other  nodes  (avoiding 
risk  for  security)  while  using  a  low  Tn,  is  interpreted  as  applying 
high  trust  towards  other  nodes  (taking  risk  for  performance). 


Fig.  5.  Service  availability  ratio  (Psa)  vs.  trust  thresholds 
(Tth)  under  various  initial  trust  levels  (GB). 
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Trust  threshold  (T,h) 

Fig.  6.  Conununication  overhead  (Ctotai)  vs.  trust  thresholds 
(Tth)  under  various  initial  trust  levels  (GB). 

Fig.  6  shows  the  impact  of  Tth  on  communication  overhead  (Ctotai) 
as  GB  varies.  Recall  that  Ctotai  increases  when  more  requests  for 
public  keys  are  generated  due  to  the  detection  of  incorrect  public 
keys  kept  in  each  node.  In  addition,  Ctotai  grows  when  more  nodes 
are  involved  in  forwarding  messages.  On  the  other  hand,  Ctotai 
decreases  when  a  node  obtains  a  correct  public  key  of  another 
node  upon  the  first  request/distribution.  Ctotai  also  decreases  when 
fewer  nodes  are  involved  in  distributing  public  keys.  When  fewer 
trustworthy  nodes  are  in  the  network  (i.e.,  GB  <  0.8),  using  a 
lower  Tth  increases  Ctotai  because  fewer  correct  public  keys  are 
received  in  each  node,  thus  introducing  extra  communication 
overhead  to  request  the  same  public  keys  again. 

In  addition,  using  lower  T,h  allows  more  nodes  to  be  involved 
in  distributing  public  keys,  leading  to  a  higher  communication 


overhead.  By  contrast,  when  a  higher  Tti,  is  used,  much  fewer 
nodes  are  participating  in  distributing  public  keys,  resulting  in  less 
communication  overhead.  Note  that  when  Tth  =  0,  the 
communication  cost  due  to  trust  evaluation  is  not  counted  because 
the  case  with  T,i,  =  0  is  a  baseline  scheme  that  does  not  use  any 
trust  in  each  node’s  decision  making. 

When  more  trustworthy  nodes  exist  in  the  network  (i.e.,  GB  = 
0.8  or  0.9),  most  nodes  behave  well  regardless  of  the  level  of  Tth 
used.  Thus,  we  observe  that  Ctotai  tends  to  be  insensitive  to  Tth 
under  trustworthy  network  environments. 

5.  CONCLUSION 

In  this  paper,  we  proposed  a  composite  trust  based  public  key 
management  scheme  (CTPKM)  for  MANETs.  Considering  three 
different  trust  dimensions,  namely,  competence,  integrity,  and 
social  contact,  the  proposed  CTPKM  enables  a  node  to  make 
decisions  in  interacting  with  others  based  on  their  trust  levels.  We 
devised  five  performance  metrics  to  investigate  the  impact  of  the 
trust  threshold  (T,h)  on  security  vulnerability  (i.e.,  information  risk 
and  correct  public  key  ratio  metrics),  availability  (i.e.,  the  number 
of  correct  public  keys  obtained  in  each  node  and  service 
availability  ratio  metrics),  and  performance  (i.e.,  communication 
overhead  metric)  in  CTPKM. 

We  conclude  the  findings  obtained  from  extensive  simulation 
as  follows.  Using  a  higher  T,h  is  preferred  to  minimize  the 
information  risk,  correct  public  key  ratio,  and  communication 
overhead  metrics,  while  using  a  lower  Tth  is  desirable  to  obtain 
more  correct  public  keys.  Further,  there  exists  an  optimal  Tth  that 
maximizes  the  service  availability  ratio  metric  due  to  the  inherent 
tradeoff  between  trust  and  risk.  Leveraging  the  tradeoff  between 
trust  and  risk  studied  in  this  work,  system  designers  may  fine-tune 
the  protocol  setting  to  maximize  performance  while  enhancing 
security,  when  given  a  set  of  parameter  values  as  given  in  Table  1 
characterizing  the  network  environmental  conditions. 

In  this  work,  we  assumed  random  mobility.  In  the  future,  we 
plan  to  apply  mobility  traces  in  sparse  or  social  MANETs  as  in  [5] 
and  analyze  the  effect  of  mobility  on  CTPKM  performance.  In 
this  work,  we  also  assumed  a  single  threshold  for  trustworthiness 
classification.  We  plan  to  investigate  more  sophisticated  fuzzy 
failure  criteria  as  in  [2]  to  further  enhance  CTPKM  performance. 
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